Remote Code Execution Vulnerability in dtale by Man Group
CVE-2025-0655

9.8 CRITICAL

Key Information:

Vendor: Man-group

CVE Published: 20 March 2025

Badges

🔥 Trending now | 📈 Trended | 📈 Score: 1,310 | 👾 Exploit Exists | 🟣 EPSS 66% | 📰 News Worthy

What is CVE-2025-0655?

CVE-2025-0655 refers to a remote code execution vulnerability found in the dtale application developed by Man Group. Dtale is a popular tool designed for the visualization and exploration of pandas data structures, widely used in data analysis. The vulnerability in question could potentially allow an attacker to execute arbitrary code on a system where dtale is running, compromising the integrity and confidentiality of sensitive data processed by the application. Given that dtale operates in environments often handling critical business intelligence, the implications of this vulnerability could be severe for organizations relying on this software to manage data insights and analytics.

This particular CVE entry is a duplicate and has been marked as rejected, instructing users to reference another CVE identifier (CVE-2024-55890) instead. Despite this, the acknowledgment of the underlying issue indicates the need for robust security measures to mitigate exploitation risks in similar contexts.

Potential Impact of CVE-2025-0655

  1. Risk of Data Breach: The remote code execution vulnerability allows attackers to take control of the affected system, potentially leading to unauthorized access to sensitive data, such as customer information or proprietary business analytics.

  2. Integrity Compromise: Exploitation of this vulnerability could enable malicious actors to modify or corrupt data handled by dtale, impacting the reliability of critical business decision-making processes. This could result in erroneous analytics and detrimental operational decisions.

  3. Operational Disruption: The ability to execute arbitrary code on impacted systems could lead to significant service disruptions or downtime, as organizations work to remediate the vulnerabilities and restore normal operations.

Affected Version(s)

man-group/dtale < 3.16.1

News Articles

CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters - IT Security News

2 days ago

CVE-2025-0655 : A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the `enable_custom_filters` feature,

2 days ago

EPSS Score

66% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by CVE Details

  • Vulnerability published

  • Vulnerability Reserved
